0

I am trying to set up my own web server to learn a bit more about server admin.

I have decided that I want to serve each sites files from a public_html folder inside the users /home directory.

I have installed Nginx, edited the nginx.conf and changed the username / group to nginx.

I have added a new user for the new site and changed the vhosts file to look like so;

server {
    listen         80;
    listen         [::]:80;
    server_name    website.com www.website.com;
    root           /home/website/public_html;
    index          index.html index.htm index.php;

    location / {
      try_files $uri $uri/ =404;
    }

    location ~* \.php$ {
    fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

But when I try and get to the site, it returns a 404 Not Found.

When I check the error log, I am seeing the following errors;

2019/01/02 19:49:45 [crit] 18248#0: *1 stat() "/home/website/public_html/" failed (13: Permission denied)

Any chance someone has come across this before and could tell me how to handle it?

I have had a look around and saw some posts about getenforce, but when i run it, it says Disabled.

I am using CentOS7 if that makes any difference.

Cheers,

Chris
  • 3
  • 1
  • 1
  • 3
  • 1
    Possible duplicate of [What permissions should my website files/folders have on a Linux webserver?](https://serverfault.com/questions/357108/what-permissions-should-my-website-files-folders-have-on-a-linux-webserver) – Jenny D Jan 02 '19 at 10:43
  • @JennyD .. Im using nginx not Apache – Chris Jan 02 '19 at 10:45
  • 1
    You need the same basic set of permissions regardless of which webserver you're running. Obviously you need to replace the username `apache` with whatever username nginx is running under. – Jenny D Jan 02 '19 at 11:10
  • No, that didn't work ... Im still getting the exact same errors – Chris Jan 02 '19 at 11:22
  • Don't serve web sites from user home directories, for a wide variety of reasons. – Michael Hampton Jan 02 '19 at 14:04
  • Is `selinux` enabled? – chicks Jan 03 '19 at 03:30

4 Answers4

4

Following the guide from this website did it for me (as root):

setsebool -P httpd_enable_homedirs 1
setenforce 0
systemctl restart nginx
systemctl daemon-reload
Tiago Alves
  • 3
  • 2
edrichhans
  • 41
  • 3
1

The solution for me was to set the /home/user/public_html permissions to 755. By default, it was being created with 751 permissions. This was blocking the nginx user from being able to 'read' it. Certain web hosting panels like VestaCP, CPanel, and others may inadvertently do this when adding a new site through their interface.

Solution: sudo chmod 755 ~/public_html (adjust path to your public_html folder)

TetraDev
  • 111
  • 2
1

It is your home directory permission that is denying access to nginx.

Try:

ls -ld /home/website

then

setfacl -R -m u:nginx:rwx /home/website

Or 

chown -R nginx:nginx /home/website
chmod 655 /home/website
JKhan
  • 127
  • 7
  • 1
    default user for nginx is www-data so it's likely going to need to be ```sudo chown -R www-data:www-data /home/website``` – samayres1992 Jan 02 '19 at 12:13
  • @samayres1992 user created for centos/rhel is 'nginx' – JKhan Jan 12 '19 at 08:16
  • @TedKhi Samayres is right though. Unless you also explain that you need to change the default user that nginx runs as by updating `/etc/nginx/nginx.conf` to change the `user www-data` line to read `user nginx` instead, then the above would not work (unless they had already done that). – James Jan 13 '20 at 14:49
  • worked for me. I had to do 777 instead of 655. Thanks – Renil Babu Apr 14 '20 at 13:36
  • 3
    @RenilBabu Using 777 is a bad idea - that means ANYONE can write to you directory. Use 755 instead – TetraDev Oct 25 '20 at 20:47
0

Better fix: ls -Z myFile.js will show the SELinux context: -rw-r--r--. nginx nginx unconfined_u:object_r:user_home_t:s0 myFile.js Then, use chcon -v --type=httpd_sys_content_t myFile to change the SELinux content. I did it with Andrew Richard Miller's answer. https://stackoverflow.com/questions/25774999/nginx-stat-failed-13-permission-denied#comment84000833_30897591

thach.nv92
  • 21
  • 3